CVE-2015-5453

Watchguard XCS <10.0 - Command Injection

Title source: llm

Description

Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotebsd
https://www.exploit-db.com/exploits/38346
metasploit WORKING POC EXCELLENT
rubypocbsd
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/http/watchguard_cmd_exec.rb

References (8)

Scores

EPSS 0.7245
EPSS Percentile 98.8%

Details

CWE
CWE-77
Status published
Products (2)
watchguard/xcs 9.2
watchguard/xcs 10.0
Published Jul 08, 2015
Tracked Since Feb 18, 2026